Let us say you have a position in management for a large corporation you began working for about six months ago. Company information is leaking out, and, possibly because you are new to the team, you are among those investigation for “pretexting.” What is pretexting, and is it a crime?
Social engineering
You may have heard of “social engineering.” This is the term given when someone seeks to deceive someone else into giving out personal or sensitive information. When the social engineer does research on the victim and comes up with certain bits of personal information, he or she uses that to elicit more information, such as a Social Security or credit card number. The instigator is actually playing a con game, leading the victim to provide the information because he or she believes the social engineer to be legitimate.
Pretexting is the next step
Pretexting gained national attention when Hewlett-Packard board members were suspected of leaking company information to the press. In trying to identify the leakers, investigators obtained the personal phone records of the board members. The question of legality came up, testimony before Congress ensued and several HP board members resigned.
Taking action
The result of the HP scandal was the Telephone Records and Privacy Protection Act of 2006 President Bush signed into law, making pretexting illegal. In other words, you cannot use fraudulent methods to obtain personal information, such as the phone company billing records of individual customers. The law applies to information obtained through either phone or electronic communications. Breaking the law can lead to significant penalties like hefty fines and a prison term of up to 10 years.
Act quickly
If currently under investigation for pretexting, remember that you have rights and legal options to explore. Act sooner rather than later. It may be possible to work with your employer to mitigate the situation before the authorities file charges against you.